<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<?php 
if (isset($_GET['id'])) {
    $mysqli = new mysqli('localhost', 'root', '', 'frcc_test'); 

// Define $myusername and $mypassword 
$id=$_GET['id']; 
// To protect MySQL injection (more detail about MySQL injection)
$uid = stripslashes($id);
/* prepare insert statement */
$mysqli->query("SET NAMES 'utf8'");
if ($stmt = $mysqli->prepare("SELECT id, uid, pwd, cname, name, phone FROM directory WHERE id = ? ")) {
    $stmt->bind_param('i', $id);
    $stmt->execute(); 
	$stmt->bind_result($id, $uid, $pwd, $cname, $name, $phone);
	$stmt->fetch();
}
	}?>
<table width="432" height="229" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="updatemember.php">
<td>
<table width="83%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
            <td colspan="3"><strong>Edit Member </strong></td>
</tr>
<tr>
<td width="127">Username:</td>
<td width="214"><input name="myusername" type="text" id="myusername" value="<?php echo $uid ?>"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="mypassword" type="text" id="mypassword" value="<?php echo $pwd ?>"></td>
</tr>
<tr>
<td>Chinese Name:</td><td><input name="cname" type="text" id="cname" value="<?php echo $cname ?>"></td>
</tr>
<tr>
<td>Name:</td><td><input name="name" type="text" id="mname" value="<?php echo $name ?>"></td>
</tr>
<tr>
<td>Phone Number:</td><td><input name="phone" type="text" id="phone" value="<?php echo $phone ?>"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Update">
<INPUT TYPE=HIDDEN NAME="id" value="<?php echo $id ?>">
</td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>